ifIndex in FLOW->if_index_in and FLOW->if_index_out set to 0

[GoogleCodeExporter]

What steps will reproduce the problem?
1. Analyze source code from files netflow1.c and netflow5.c 
2. Look for following snippet in function send_netflow_v[15]:
if (j == 0) {
                        memset(&packet, '\0', sizeof(packet));

3. Run tcpdump and see generated netflow packets.

According to IF MIB Definition of ifIndex 
(http://net-snmp.sourceforge.net/docs/mibs/IF-MIB.txt) ifIndex has to be 
greater than zero. Right now both ifIndex fields in every flow are set to 0.
The problem applies to version 0.9.8 and 0.9.9.

Because of the problem Netflow Analyzer Enterprise Edition from from 
ManageEngine (http://www.manageengine.com/products/netflow/) refuses to see 
such flows.

The problem can be fixed with following code:
flw->if_index_out = flw->if_index_in = htons(1);
It's necessary to add the string in the functions send_netflow_v[15] just 
before following code:
offset += sizeof(*flw);
j++;

I attached full patch for it.

Or try to map SNMP-index of given on command line interface name.
But it's more complicated.

With best regards,
Maxim Zimovets

Original issue reported on code.google.com by [email protected] on 20 Apr 2012 at 5:46

Attachments:

• netflow.patch

[GoogleCodeExporter]

Does the attachment, netflow.patch work for netflow v9? 

Original comment by [email protected] on 3 Apr 2013 at 1:54

[GoogleCodeExporter]

No, I was not interseted in Netflow v9 at that time.

Original comment by [email protected] on 4 Apr 2013 at 10:51